CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
Path Traversal
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score percentile: 51%
Vendor | Product | Version
openbravo | openbravo_erp | 3.0
openbravo | openbravo_erp | 3.0:maintenance_pack0.1
openbravo | openbravo_erp | 3.0:maintenance_pack1
openbravo | openbravo_erp | 3.0:maintenance_pack10
openbravo | openbravo_erp | 3.0:maintenance_pack10.1
openbravo | openbravo_erp | 3.0:maintenance_pack10.2
openbravo | openbravo_erp | 3.0:maintenance_pack10.3
openbravo | openbravo_erp | 3.0:maintenance_pack11
openbravo | openbravo_erp | 3.0:maintenance_pack11.1
openbravo | openbravo_erp | 3.0:maintenance_pack12
openbravo | openbravo_erp | 3.0:maintenance_pack12.1
openbravo | openbravo_erp | 3.0:maintenance_pack12.2
openbravo | openbravo_erp | 3.0:maintenance_pack13
openbravo | openbravo_erp | 3.0:maintenance_pack13.1
openbravo | openbravo_erp | 3.0:maintenance_pack13.2
openbravo | openbravo_erp | 3.0:maintenance_pack14
openbravo | openbravo_erp | 3.0:maintenance_pack14.1
openbravo | openbravo_erp | 3.0:maintenance_pack14.2
openbravo | openbravo_erp | 3.0:maintenance_pack15
openbravo | openbravo_erp | 3.0:maintenance_pack15.1
openbravo | openbravo_erp | 3.0:maintenance_pack15.2
openbravo | openbravo_erp | 3.0:maintenance_pack16
openbravo | openbravo_erp | 3.0:maintenance_pack16.1
openbravo | openbravo_erp | 3.0:maintenance_pack16.2
openbravo | openbravo_erp | 3.0:maintenance_pack16.3
openbravo | openbravo_erp | 3.0:maintenance_pack17
openbravo | openbravo_erp | 3.0:maintenance_pack17.1
openbravo | openbravo_erp | 3.0:maintenance_pack17.2
openbravo | openbravo_erp | 3.0:maintenance_pack17.3
openbravo | openbravo_erp | 3.0:maintenance_pack18
openbravo | openbravo_erp | 3.0:maintenance_pack18.1
openbravo | openbravo_erp | 3.0:maintenance_pack18.2
openbravo | openbravo_erp | 3.0:maintenance_pack18.3
openbravo | openbravo_erp | 3.0:maintenance_pack18.4
openbravo | openbravo_erp | 3.0:maintenance_pack18.5
openbravo | openbravo_erp | 3.0:maintenance_pack19
openbravo | openbravo_erp | 3.0:maintenance_pack19.1
openbravo | openbravo_erp | 3.0:maintenance_pack19.2
openbravo | openbravo_erp | 3.0:maintenance_pack19.3
openbravo | openbravo_erp | 3.0:maintenance_pack19.4
openbravo | openbravo_erp | 3.0:maintenance_pack2
openbravo | openbravo_erp | 3.0:maintenance_pack2.1
openbravo | openbravo_erp | 3.0:maintenance_pack2.2
openbravo | openbravo_erp | 3.0:maintenance_pack2.3
openbravo | openbravo_erp | 3.0:maintenance_pack2.4
openbravo | openbravo_erp | 3.0:maintenance_pack20
openbravo | openbravo_erp | 3.0:maintenance_pack21
openbravo | openbravo_erp | 3.0:maintenance_pack21.1
openbravo | openbravo_erp | 3.0:maintenance_pack22
openbravo | openbravo_erp | 3.0:maintenance_pack22.1
openbravo | openbravo_erp | 3.0:maintenance_pack22.2
openbravo | openbravo_erp | 3.0:maintenance_pack22.3
openbravo | openbravo_erp | 3.0:maintenance_pack23
openbravo | openbravo_erp | 3.0:maintenance_pack23.1
openbravo | openbravo_erp | 3.0:maintenance_pack23.2
openbravo | openbravo_erp | 3.0:maintenance_pack24
openbravo | openbravo_erp | 3.0:maintenance_pack24.1
openbravo | openbravo_erp | 3.0:maintenance_pack24.2
openbravo | openbravo_erp | 3.0:maintenance_pack25
openbravo | openbravo_erp | 3.0:maintenance_pack25.1
openbravo | openbravo_erp | 3.0:maintenance_pack25.2
openbravo | openbravo_erp | 3.0:maintenance_pack26
openbravo | openbravo_erp | 3.0:maintenance_pack26.1
openbravo | openbravo_erp | 3.0:maintenance_pack26.2
openbravo | openbravo_erp | 3.0:maintenance_pack26.3
openbravo | openbravo_erp | 3.0:maintenance_pack26.4
openbravo | openbravo_erp | 3.0:maintenance_pack27
openbravo | openbravo_erp | 3.0:maintenance_pack27.1
openbravo | openbravo_erp | 3.0:maintenance_pack28
openbravo | openbravo_erp | 3.0:maintenance_pack28.1
openbravo | openbravo_erp | 3.0:maintenance_pack28.2
openbravo | openbravo_erp | 3.0:maintenance_pack28.3
openbravo | openbravo_erp | 3.0:maintenance_pack28.4
openbravo | openbravo_erp | 3.0:maintenance_pack28.5
openbravo | openbravo_erp | 3.0:maintenance_pack29
openbravo | openbravo_erp | 3.0:maintenance_pack29.1
openbravo | openbravo_erp | 3.0:maintenance_pack29.2
openbravo | openbravo_erp | 3.0:maintenance_pack29.3
openbravo | openbravo_erp | 3.0:maintenance_pack29.4
openbravo | openbravo_erp | 3.0:maintenance_pack3
openbravo | openbravo_erp | 3.0:maintenance_pack3.1
openbravo | openbravo_erp | 3.0:maintenance_pack3.2
openbravo | openbravo_erp | 3.0:maintenance_pack30
openbravo | openbravo_erp | 3.0:maintenance_pack30.1
openbravo | openbravo_erp | 3.0:maintenance_pack30.2
openbravo | openbravo_erp | 3.0:maintenance_pack30.3
openbravo | openbravo_erp | 3.0:maintenance_pack31
openbravo | openbravo_erp | 3.0:maintenance_pack31.1
openbravo | openbravo_erp | 3.0:maintenance_pack31.2
openbravo | openbravo_erp | 3.0:maintenance_pack31.3
openbravo | openbravo_erp | 3.0:maintenance_pack31.4
openbravo | openbravo_erp | 3.0:maintenance_pack4
openbravo | openbravo_erp | 3.0:maintenance_pack4.1
openbravo | openbravo_erp | 3.0:maintenance_pack4.2
openbravo | openbravo_erp | 3.0:maintenance_pack5
openbravo | openbravo_erp | 3.0:maintenance_pack5.1
openbravo | openbravo_erp | 3.0:maintenance_pack5.2
openbravo | openbravo_erp | 3.0:maintenance_pack5.3
openbravo | openbravo_erp | 3.0:maintenance_pack6
openbravo | openbravo_erp | 3.0:maintenance_pack6.1
openbravo | openbravo_erp | 3.0:maintenance_pack6.2
openbravo | openbravo_erp | 3.0:maintenance_pack7
openbravo | openbravo_erp | 3.0:maintenance_pack7.1
openbravo | openbravo_erp | 3.0:maintenance_pack7.2
openbravo | openbravo_erp | 3.0:maintenance_pack7.3
openbravo | openbravo_erp | 3.0:maintenance_pack8
openbravo | openbravo_erp | 3.0:maintenance_pack8.1
openbravo | openbravo_erp | 3.0:maintenance_pack8.2
openbravo | openbravo_erp | 3.0:maintenance_pack8.3
openbravo | openbravo_erp | 3.0:maintenance_pack8.4
openbravo | openbravo_erp | 3.0:maintenance_pack9
openbravo | openbravo_erp | 3.0:maintenance_pack9.1
openbravo | openbravo_erp | 3.0:maintenance_pack9.2
openbravo | openbravo_erp | 3.0:maintenance_pack9.3
openbravo | openbravo_erp | 3.0:pr14q2
openbravo | openbravo_erp | 3.0:pr14q2.1
openbravo | openbravo_erp | 3.0:pr14q2.2
openbravo | openbravo_erp | 3.0:pr14q2.3
openbravo | openbravo_erp | 3.0:pr14q2.4
openbravo | openbravo_erp | 3.0:pr14q2.5
openbravo | openbravo_erp | 3.0:pr14q2.6
openbravo | openbravo_erp | 3.0:pr14q3
openbravo | openbravo_erp | 3.0:pr14q3.1
openbravo | openbravo_erp | 3.0:pr14q3.2
openbravo | openbravo_erp | 3.0:pr14q3.3
openbravo | openbravo_erp | 3.0:pr14q3.4
openbravo | openbravo_erp | 3.0:pr14q3.5
openbravo | openbravo_erp | 3.0:pr14q3.6
openbravo | openbravo_erp | 3.0:pr14q3.7
openbravo | openbravo_erp | 3.0:pr14q3.8
openbravo | openbravo_erp | 3.0:pr14q4
openbravo | openbravo_erp | 3.0:pr15q1
openbravo | openbravo_erp | 3.0:pr15q1.1
openbravo | openbravo_erp | 3.0:pr15q1.2
openbravo | openbravo_erp | 3.0:pr15q1.3
openbravo | openbravo_erp | 3.0:pr15q1.4
openbravo | openbravo_erp | 3.0:pr15q1.5
openbravo | openbravo_erp | 3.0:pr15q2
openbravo | openbravo_erp | 3.0:pr15q2.1
openbravo | openbravo_erp | 3.0:pr15q2.2
openbravo | openbravo_erp | 3.0:pr15q2.3
openbravo | openbravo_erp | 3.0:pr15q2.4
openbravo | openbravo_erp | 3.0:pr15q2.5
openbravo | openbravo_erp | 3.0:pr15q2.6
openbravo | openbravo_erp | 3.0:pr15q3
openbravo | openbravo_erp | 3.0:pr15q3.1
openbravo | openbravo_erp | 3.0:pr15q3.2
openbravo | openbravo_erp | 3.0:pr15q3.3
openbravo | openbravo_erp | 3.0:pr15q3.4
openbravo | openbravo_erp | 3.0:pr15q3.5
openbravo | openbravo_erp | 3.0:pr15q4
openbravo | openbravo_erp | 3.0:pr15q4.1
openbravo | openbravo_erp | 3.0:pr15q4.2
openbravo | openbravo_erp | 3.0:pr15q4.3
openbravo | openbravo_erp | 3.0:pr15q4.4
openbravo | openbravo_erp | 3.0:pr15q4.5
openbravo | openbravo_erp | 3.0:pr15q4.6
openbravo | openbravo_erp | 3.0:pr16q1
openbravo | openbravo_erp | 3.0:pr16q1.1
openbravo | openbravo_erp | 3.0:pr16q1.2
openbravo | openbravo_erp | 3.0:pr16q1.3
openbravo | openbravo_erp | 3.0:pr16q2
openbravo | openbravo_erp | 3.0:pr16q2.1
openbravo | openbravo_erp | 3.0:pr16q2.2
openbravo | openbravo_erp | 3.0:pr16q2.3
openbravo | openbravo_erp | 3.0:pr16q2.4
openbravo | openbravo_erp | 3.0:pr16q3
openbravo | openbravo_erp | 3.0:pr16q3.1
openbravo | openbravo_erp | 3.0:pr16q3.2
openbravo | openbravo_erp | 3.0:pr16q3.3
openbravo | openbravo_erp | 3.0:pr16q3.4
openbravo | openbravo_erp | 3.0:pr16q3.5
openbravo | openbravo_erp | 3.0:pr16q4
openbravo | openbravo_erp | 3.0:pr16q4.1
openbravo | openbravo_erp | 3.0:pr16q4.2
openbravo | openbravo_erp | 3.0:pr16q4.3
openbravo | openbravo_erp | 3.0:pr16q4.4
openbravo | openbravo_erp | 3.0:pr17q1
openbravo | openbravo_erp | 3.0:pr17q1.1
openbravo | openbravo_erp | 3.0:pr17q1.2
openbravo | openbravo_erp | 3.0:pr17q1.3
openbravo | openbravo_erp | 3.0:pr17q2
openbravo | openbravo_erp | 3.0:pr17q2.1
openbravo | openbravo_erp | 3.0:pr17q2.2
openbravo | openbravo_erp | 3.0:pr17q2.3
openbravo | openbravo_erp | 3.0:pr17q2.4
openbravo | openbravo_erp | 3.0:pr17q3
openbravo | openbravo_erp | 3.0:pr17q3.1
openbravo | openbravo_erp | 3.0:pr17q3.2
openbravo | openbravo_erp | 3.0:pr17q3.3
openbravo | openbravo_erp | 3.0:pr17q4
openbravo | openbravo_erp | 3.0:pr17q4.1
openbravo | openbravo_erp | 3.0:pr17q4.2
openbravo | openbravo_erp | 3.0:pr18q1
openbravo | openbravo_erp | 3.0:pr18q1.1
openbravo | openbravo_erp | 3.0:pr18q1.2
openbravo | openbravo_erp | 3.0:pr18q1.3
openbravo | openbravo_erp | 3.0:pr18q2
openbravo | openbravo_erp | 3.0:pr18q2.1
openbravo | openbravo_erp | 3.0:pr18q2.2
openbravo | openbravo_erp | 3.0:pr18q2.3
openbravo | openbravo_erp | 3.0:pr18q3
openbravo | openbravo_erp | 3.0:pr18q3.1
openbravo | openbravo_erp | 3.0:pr18q3.2
openbravo | openbravo_erp | 3.0:pr18q3.3
openbravo | openbravo_erp | 3.0:pr18q3.4
openbravo | openbravo_erp | 3.0:pr18q3.5
openbravo | openbravo_erp | 3.0:pr18q4
openbravo | openbravo_erp | 3.0:pr18q4.1
openbravo | openbravo_erp | 3.0:pr18q4.2
openbravo | openbravo_erp | 3.0:pr18q4.3
openbravo | openbravo_erp | 3.0:pr19q1
openbravo | openbravo_erp | 3.0:pr19q1.1
openbravo | openbravo_erp | 3.0:pr19q1.2